Mikrotik
Igor Krivintsov, 2021-07-26 11:22:47

How to restrict access from network to network?

Good afternoon.
Help me understand how to restrict networks from each other.
There is a Mikrotik with VLANs. I want to restrict the network between VLAN 7 and VLAN 9. I tried through the firewall and created 2 rules:
add action=drop chain=forward dst-address=172.16.7.0/24 src-address=172.16.9.0/24
add action=drop chain=forward dst-address=172.16.9.0/24 src-address=172.16.7.0/24
but these rules don't help.
https://pastebin.com/mvAuRKDH - Route configuration
https://pastebin.com/Xx2RDqmz - Interface configuration
I also tried route rules, without success.
Apparently this is because my VLANs are all in a bridge. How can I make restrictions then?

4 answer(s)
Igor Krivintsov, 2021-08-04
@wizart23

It turned out that the rules did work; I had not conducted the tests correctly. This only became clear when 1C stopped working because of the created rule.

Denis Melnikov, 2021-07-26
@Mi11er

In general, the rules are correct.
But take a look at their order. Maybe your allow rule is higher than the deny rule.
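
The rule-order point above, as an added example that is not part of the answer or of the asker's configuration: RouterOS evaluates filter rules top to bottom and stops at the first match, so this Python check replays that logic over a constructed rule list and reports drop rules that an earlier rule pre-empts. It assumes rules match only on chain and src/dst address (other matchers are ignored), and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample in RouterOS export style (not the asker's real config):
# a broad accept for 172.16.0.0/16 sits above the two drop rules from the question.
SAMPLE_RULES = """\
add action=accept chain=forward src-address=172.16.0.0/16 comment="allow LAN"
add action=drop chain=forward dst-address=172.16.7.0/24 src-address=172.16.9.0/24
add action=drop chain=forward dst-address=172.16.9.0/24 src-address=172.16.7.0/24
"""

def parse_rules(text):
    """Turn 'add key=value ...' lines into dicts, keeping their order."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)
        if not tokens or tokens[0] != "add":
            continue
        rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def _covers(rule, key, addr):
    """A missing address matcher matches everything."""
    return key not in rule or addr in ipaddress.ip_network(rule[key], strict=False)

def first_match(rules, src, dst, chain="forward"):
    """Return (index, action) of the first matching rule, top to bottom."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, rule in enumerate(rules):
        if (rule.get("chain") == chain
                and _covers(rule, "src-address", src)
                and _covers(rule, "dst-address", dst)):
            return i, rule.get("action", "accept")
    return None, "accept"  # nothing matched: the packet is accepted by default

def _probe(rule, key):
    """First usable host of the network a rule names (any address if unset)."""
    net = ipaddress.ip_network(rule.get(key, "0.0.0.0/0"), strict=False)
    return str(next(net.hosts()))

def shadowed_drops(rules):
    """Indexes of drop rules that an earlier rule pre-empts for their own subnets."""
    hidden = []
    for i, rule in enumerate(rules):
        if rule.get("action") != "drop":
            continue
        hit, _ = first_match(rules, _probe(rule, "src-address"),
                             _probe(rule, "dst-address"), rule.get("chain"))
        if hit != i:
            hidden.append(i)
    return hidden
```

With the constructed sample, `shadowed_drops(parse_rules(SAMPLE_RULES))` flags both drop rules because the accept above them matches first; with that accept removed, traffic from 172.16.9.0/24 to 172.16.7.0/24 hits the drop.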

Drno, 2021-07-26
@Drno

Look at the menu ip>routes>rules

Konstantin Zaitsev, 2021-07-26
@KonstantineZ

Did I understand correctly that you put the VLANs in one bridge? Then your restrictions should not work: traffic goes through the bridge, bypassing the firewall and, it seems, the routes too. The bridge has a separate filter, aka firewall; try writing rules in it. Just keep in mind that filtering on the bridge is not known for its performance.
